
Tenet traces don't include memory writes done by the fuzzer #210

Open
Ninja3047 opened this issue Sep 1, 2024 · 6 comments
Labels
enhancement New feature or request

Comments

@Ninja3047

It would be really nice if writes done by the fuzzer using VirtWriteDirty like so

```cpp
// Inside the harness: copy the mutated testcase into the target's input buffer.
if (!g_Backend->VirtWriteDirty(NewInputBuffer, MutatedInputBufferPtr,
                               MutatedInputBufferSize)) {
  fmt::print("Failed to insert the testcase\n");
  std::abort();
}
```

could be added to the tenet coverage trace. This will make triaging tenet traces easier since you'll be able to see what part of the input buffer caused the crash if it hasn't been accessed since the fuzzer wrote it. This should also handle the case where we call VirtWriteDirty in the SetBreakpoint callback.

As a workaround, I have a janky python script that parses the output tenet files and adds a memory write to approximately the right location containing the buffer from the crash, but this isn't ideal.
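An added illustration of the workaround described above (not the reporter's script and not wtf code). It assumes the Tenet text trace format: one line per instruction with comma-separated `reg=0xVAL` deltas plus `mr=ADDR:HEX` / `mw=ADDR:HEX` memory accesses; the trace, buffer address and input bytes below are constructed.

```python
# Added example; assumes Tenet's "mr=0xADDR:HEX" / "mw=0xADDR:HEX" line syntax.
import re

MEM_RE = re.compile(r"^(m[rw])=0x([0-9a-fA-F]+):([0-9a-fA-F]*)$")


def add_input_write(lines, buf_addr: int, data: bytes, at: int = 0) -> list:
    """Return a copy of the trace with a synthetic mw= entry describing the
    fuzzer's VirtWriteDirty of `data` at `buf_addr`, attached to line `at`
    (line 0 = before the target has executed anything)."""
    out = list(lines) or [""]
    entry = f"mw=0x{buf_addr:x}:{data.hex()}"
    out[at] = f"{out[at]},{entry}" if out[at] else entry
    return out


def first_input_access(lines, buf_addr: int, buf_size: int, kinds=("mr",)):
    """Find the first trace line whose memory access of a kind in `kinds`
    overlaps [buf_addr, buf_addr + buf_size).
    Returns (line_index, kind, offset_into_input, length) or None."""
    end = buf_addr + buf_size
    for i, line in enumerate(lines):
        for field in line.split(","):
            m = MEM_RE.match(field)
            if not m or m.group(1) not in kinds:
                continue
            addr, length = int(m.group(2), 16), len(m.group(3)) // 2
            if addr < end and addr + length > buf_addr:
                return i, m.group(1), max(addr, buf_addr) - buf_addr, length
    return None


# Constructed three-instruction trace; the target reads input[4:8] on line 1.
SAMPLE_TRACE = [
    "rip=0x401000,rsp=0x7ffc0",
    "rip=0x401003,rax=0x1000,mr=0x1004:41414141",
    "rip=0x401006,rcx=0x0,mw=0x7ffc8:00",
]

if __name__ == "__main__":
    trace = add_input_write(SAMPLE_TRACE, 0x1000, b"ABCD" * 2)
    print(trace[0])
    print(first_input_access(trace, 0x1000, 0x20))
```

With the synthetic write in place, a Tenet memory breakpoint on the buffer lands on the fuzzer's write first, and `first_input_access` tells you which input offset the target touched first.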

@0vercl0k
Owner

0vercl0k commented Sep 1, 2024

That's a great idea and it makes a lot of sense, thanks for reporting 🙏🏽

I'll take a look at how this can be done but it'll take a minute :) Happy to collaborate / help out code-review if you want to take a crack at it though!

Cheers

@0vercl0k 0vercl0k added the enhancement New feature or request label Sep 1, 2024
@0vercl0k
Owner

0vercl0k commented Nov 3, 2024

All right, I am now back from my traveling so I will be looking at this this week; stay tuned.

Cheers

0vercl0k added a commit that referenced this issue Nov 3, 2024
…e user does memory reads / writes in breakpoint callbacks or anywhere else.
@0vercl0k
Owner

0vercl0k commented Nov 3, 2024

Okay I think this should work - I also added memory read as Tenet uses this information for memory access breakpoints.

@Ninja3047 would you mind giving a shot to the fbl_fix#210 (https://github.com/0vercl0k/wtf/tree/fbl_%23210) branch and verify that it does indeed fix the issue you were describing in this thread 🙏🏽🙏🏽?

I tested this on a few testcases and it seems to work as expected; hopefully it does for you as well.

Cheers

@0vercl0k
Owner

0vercl0k commented Nov 9, 2024

@Ninja3047 gentle ping on this one - if I don't hear back I'll merge this next week as is then 😅

Cheers

@Ninja3047
Author

Sorry for the late response. I won't have access to my Windows setup for a bit, so feel free to just merge if it worked for you. The code looks roughly like how I would have added it.

@0vercl0k
Owner

No worries at all :)

I am happy to wait until the end of the month or longer if that means you give it a go - I'd rather take longer but make sure it fixes the issue you encountered than merging something that's not tested.

Cheers
